Diffstat (limited to 'docs')
-rw-r--r-- docs/Changelog.md | 4
-rw-r--r-- docs/env_variables.md | 15
2 files changed, 19 insertions, 0 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 8bbb4e19..f7bc9600 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -14,6 +14,10 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     - Fix for auto dictionary entries found during fuzzing to not throw out
       a -x dictionary
     - added total execs done to plot file
+    - AFL_MAX_DET_EXTRAS env variable added to control the amount of deterministic
+      dict entries without recompiling.
+    - AFL_FORKSRV_INIT_TMOUT env variable added to control the time to wait for
+      the forkserver to come up without the need to increase the overall timeout.
   - llvm_mode:
     - Ported SanCov to LTO, and made it the default for LTO. better
       instrumentation locations
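Review bot: The AFL_MAX_DET_EXTRAS entry says it controls "the amount of deterministic dict entries", which does not match the env_variables.md text added in this same commit, where the variable is the threshold of combined `-x` and LTO autodict entries at which probabilistic mode starts. Suggest wording the changelog line in those terms (and "number" rather than "amount"). The AFL_FORKSRV_INIT_TMOUT entry would also benefit from naming the unit of the value, since it is described only as "the time to wait".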
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 94c34400..e8129a3f 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -278,6 +278,14 @@ checks or alter some of the more exotic semantics of the tool:
     don't want AFL to spend too much time classifying that stuff and just
     rapidly put all timeouts in that bin.
 
+  - Setting AFL_FORKSRV_INIT_TMOUT allows yout to specify a different timeout
+    to wait for the forkserver to spin up. The default is the `-t` value times
+    `FORK_WAIT_MULT` from `config.h` (usually 10), so for a `-t 100`, the
+    default would wait `1000` milis. Setting a different time here is useful
+    if the target has a very slow startup time, for example when doing
+    full-system fuzzing or emulation, but you don't want the actual runs
+    to wait too long for timeouts.
+
   - AFL_NO_ARITH causes AFL to skip most of the deterministic arithmetics.
     This can be useful to speed up the fuzzing of text-based file formats.
 
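Review bot: The added AFL_FORKSRV_INIT_TMOUT paragraph gives the default as `1000` "milis" but never states the unit in which the variable itself is read. Add an explicit sentence saying the value is given in milliseconds, if that is the case, so it is clear that it is on the same scale as `-t`, and say what happens when the variable is unset versus set to an invalid value. Also fix "yout" to "you" in the first added line and "milis" to "milliseconds" in the fourth.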
@@ -361,6 +369,13 @@ checks or alter some of the more exotic semantics of the tool:
     for an existing out folder, even if a different `-i` was provided.
     Without this setting, afl-fuzz will refuse execution for a long-fuzzed out dir.
 
+  - Setting AFL_MAX_DET_EXRAS will change the threshold at what number of elements
+    in the `-x` dictionary and LTO autodict (combined) the probabilistic mode will
+    kick off. In probabilistic mode, not all dictionary entires will be used all
+    of the times for fuzzing mutations to not make fuzzing slower by it.
+    The default count is `200` element. So for the 200 + 1st element, there is a
+    1 in 201 chance, that one of the dictionary entry will not be used directly.
+
   - Setting AFL_NO_FORKSRV disables the forkserver optimization, reverting to
     fork + execve() call for every tested input. This is useful mostly when
     working with unruly libraries that create threads or do other crazy
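Review bot: The first added line spells the variable AFL_MAX_DET_EXRAS, while Changelog.md in this same commit spells it AFL_MAX_DET_EXTRAS. One of the two is wrong, and a user who copies the wrong name from the docs would set a variable the fuzzer presumably never reads and see no change in behaviour, so align the spelling with the name the code actually checks. The last two added lines are also hard to follow: "for the 200 + 1st element, there is a 1 in 201 chance, that one of the dictionary entry will not be used directly" should state plainly which entry is skipped and with what probability once the threshold is exceeded. Typos to fix while here: "entires", "all of the times", "`200` element".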